
1.2 Million Passwords Stolen by Russian Hackers

The latest in a long list of recent security breaches should have people alarmed, but as of now there is no need to panic. So far the data stolen by this group of Russian hackers hasn’t been used to access your private information so much as to send spam links to questionable websites to your friends through your email or Facebook account. Most of these links advertise fake products like weight-loss pills, which most people already know not to click. However, this hack does mean that big changes need to be made across the web: just because this group isn’t using the data to access sensitive information doesn’t mean it can’t sell the data to a group that would.

Hold Security, the company that discovered the breach, stated that the 1.2 billion credentials are likely the largest collection of data ever stolen by a single hacking group. However, because of nondisclosure agreements, the firm couldn’t say which websites were affected. It also didn’t want other hackers getting ideas and exploiting the same vulnerabilities further.

Some 420,000 websites were compromised, and they weren’t just small sites. The breach didn’t include any major email providers, but if you use the same password for your email as many of us do, your friends may be receiving bogus links shortly.

Alex Holden, Hold Security’s CEO, stated that because the hacking group isn’t touching sensitive information, it flew under the radar for longer than it should have. The group began amassing its data by purchasing it from shady data dealers, then expanded its database with a program that crawls the Internet with one goal: finding vulnerabilities on any and all websites.

While it’s true that websites should enforce better security on their end, users should focus on their part as well. Using the exact same password across a number of services is dangerous: once one site leaks it, every other account protected by it is exposed. Even though this particular group doesn’t steal data to break into financial accounts, it isn’t uncommon for Russian and other Eastern European hackers to launch large, complicated attacks aimed at stealing credit card numbers and identities.

So what can you do? Wherever it’s available, turn on two-step authentication, which requires a second code in addition to your password so that a stolen password alone is not enough to log in. Most banks have adopted this kind of security, and so have Google, Craigslist, Dropbox, and Facebook, to name a few.

In addition to using built-in two-step authentication, make sure you don’t use the exact same password for your social media as for your email and other log-ins, no matter how complicated it is. There are many password strategies you can use, from a different password for every single website to separate high-security and low-security passwords. Choose the method that works best for you and stick to it; don’t give up because you keep forgetting a password. While websites continue to improve their security, individuals must work in tandem with those efforts to truly protect important information.

This particular Russian group makes plenty of money fooling the friends and family of victims by sending out spam via email and social media. If you see any of this spam, report it. Few of us check our own Facebook feeds or sent-mail folders for messages we didn’t write, so alert the account owner so they can play their part in protecting their data, too.